<?php
/* $Id: panel_editlist.php 65 2011-02-22 18:32:17Z jim2212001@gmail.com $ */
/* Include guard: WEBHOME is presumably defined by the front controller that
 * includes this page, so a direct request never gets past this line. */
defined('WEBHOME') or die('DO NOT EXECUTE THIS FILE');

/* Editing a list requires a session; doLogin() handles the anonymous case. */
isLogin() or doLogin();

/* The ?action= values this page understands; anything else shows the plain list. */
$avalibleAction = array('addbook', 'deletebook', 'viewfollow');

/* Page-specific script bundle the template pulls in. */
$tpl->assign('loadjs', array('page/panel/editlist'));
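/**
 * Load every book of the order list selected by $_GET['id'] and hand the rows
 * to the template: 'books' is one JSON string per row (consumed by the page
 * JS), 'bookList' is the rows keyed by book id.
 *
 * Reads the globals $db (query()/fetch_assoc()) and $tpl (assign()).
 * Returns the rows keyed by book id, oldest first (`id` ASC). Returns an
 * empty array when the list has no books or the query fails; the original
 * left both variables undefined in that case, which callers indexing into
 * the result then tripped over.
 */
function getBookList(){
	global $db,$tpl;
	$books = array();
	$list = array();
	// The list id is cast to int before it is embedded in the query, so no
	// user-controlled text reaches the SQL string.
	$listId = isset($_GET['id']) ? intval($_GET['id']) : 0;
	$sql = 'SELECT * FROM `booklist` WHERE `orderListId`=\''.$listId.'\' ORDER BY `id` ASC';
	if(($res = $db->query($sql))!==false){
		while($row = $res->fetch_assoc()){
			$books[] = json_encode($row);
			$list[$row['id']] = $row;
		}
	}
	$tpl->assign('books', $books);
	$tpl->assign('bookList', $list);
	return $list;
}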
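/* Resolve the order list being edited. The id must be numeric and the list
 * must exist; only its founder or an admin may edit it. On failure the user is
 * sent back to the panel with a message. redirectMsg() is assumed to end the
 * request; the if/elseif chain keeps the code from dereferencing a missing row
 * even if it does not. */
if(!isset($_GET['id']) || !is_numeric($_GET['id'])){
	errMsg(MSG_UNKNOW_ACTION);
	redirectMsg('panel.php');
}else{
	$listId = intval($_GET['id']);
	$sql = 'SELECT * FROM `orderlist` WHERE `id`=\''.$listId.'\' LIMIT 1';
	$res = $db->query($sql,1);
	$row = $res->fetch_assoc();
	if($row===NULL){//Not found
		errMsg(MSG_PANEL_EDITLIST_NOTFOUND);
		redirectMsg('panel.php?action=orderlist');
	}else{
		// Compare founder and session user as integers: founderId comes back
		// from the DB as a string while the session id may be an int, and the
		// original loose != would also accept any non-identical-but-equal pair.
		$isFounder = isset($_SESSION['id']) && intval($row['founderId'])===intval($_SESSION['id']);
		if(!$isFounder && !hasPerm(PERM_ADMIN)){
			errMsg(MSG_PERMISSION_DENIED);
			redirectMsg('panel.php?action=orderlist');
		}else{
			$tpl->assign('list',$row);
		}
	}
}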
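/* Dispatch on ?action=. Unknown or missing actions fall through to the plain
 * list view; recognised ones select the "<page>_<action>" template. The list
 * id was validated as numeric above; it is cast once here and only the int
 * is ever embedded in SQL. */
if(isset($_GET['action']) && in_array($_GET['action'],$avalibleAction,true)){
	$action = $_GET['action'];
	$listId = intval($_GET['id']);
	$page = $page.'_'.$action;
	if($action==='addbook'){
		/* AJAX: add one book to this list. The reply is JSON (the posted
		 * fields echoed back plus status/id) and the request ends here.
		 * escape_all() presumably escapes $_POST in place for the string-built
		 * INSERT below — confirm that before relying on it; a prepared
		 * statement would remove the dependency on it entirely. */
		escape_all($_POST);
		$res = $_POST;
		$res['status']='fail';
		$validate=array(
			array('type'=>'length','field'=>'title','min'=>3,'max'=>90),
			array('type'=>'length','field'=>'author','min'=>3,'max'=>90),
			array('type'=>'length','field'=>'publisher','min'=>0,'max'=>90),
			array('type'=>'length','field'=>'isbn','min'=>0,'max'=>13),
			array('type'=>'int','field'=>'price','min'=>0),
			array('type'=>'link','field'=>'link','optional'=>true),
			array('type'=>'link','field'=>'thumb','optional'=>true)
		);
		// Presumably ends the request with $res when a rule fails — verify.
		ajaxValidate($res,$_POST,$validate);
		$sql = 'INSERT INTO `booklist` (`orderListId`,`title`,`author`,`publisher`,`link`,`thumb`,`price`,`isbn`) VALUES('.
				"'".$listId."','".$_POST['title']."','".$_POST['author']."','".$_POST['publisher']."','".$_POST['link']."','".$_POST['thumb']."','".$_POST['price']."','".$_POST['isbn']."')";
		if($db->silentquery($sql)===false){
			$res['type']='mysql';
			// The raw driver error text is only disclosed to admins.
			if(hasPerm(PERM_ADMIN)){
				$res['error']=$db->error;
			}
			exit(json_encode($res));
		}
		$res['status']='success';
		$res['id']=$db->insert_id;
		exit(json_encode($res));
	}elseif($action==='deletebook'){
		/* Delete one book, then redirect back to the list. Ownership of the
		 * list was checked above; here we only verify the book belongs to it.
		 * NOTE(review): this is a state change driven by a GET request with no
		 * request token, so it is exposed to cross-site request forgery;
		 * moving it to POST with a per-session token would close that. */
		$bookId = isset($_GET['bookid']) ? intval($_GET['bookid']) : 0;
		$sql = 'SELECT * FROM `booklist` WHERE `id`=\''.$bookId.'\' AND `orderListId`=\''.$listId.'\' LIMIT 1';
		$res = $db->query($sql,1);
		if(($row = $res->fetch_assoc())===NULL){//Not found, or not in this list
			errMsg(MSG_PERMISSION_DENIED);
		}else{
			$sql = 'DELETE FROM `booklist` WHERE `id`=\''.$bookId.'\' LIMIT 1';
			if($db->query($sql,1)===false){
				errMsg(MSG_PANEL_EDITLIST_DELETEFAIL);
			}else{
				infoMsg(MSG_PANEL_EDITLIST_DELETED);
			}
		}
		redirectMsg('panel.php?page=editlist&id='.$listId);
	}elseif($action==='viewfollow'){
		/* Show every follower's order priced against the current book list.
		 * Each followlist.record is read as a JSON array of objects with an
		 * `id` (book id) and a `value` (quantity) — inferred from the loop
		 * below, confirm against the writer of that column. */
		$lists = getBookList();
		$sql = 'SELECT followlist.record,account.name FROM `followlist` LEFT JOIN `account` ON account.id = followlist.followerId WHERE `orderListId`=\''.$listId.'\' ORDER BY followlist.id ASC';
		$res = $db->query($sql,1);
		$listTotal = 0;
		$records = array();
		while($row = $res->fetch_assoc()){
			$record = json_decode($row['record']);
			if(is_array($record)){
				// Fresh entry per follower: the original reused $books across
				// iterations, so one follower's quantities leaked into the next.
				$books = array('value'=>array());
				$followTotal = 0;
				foreach($record as $v){
					if(!is_object($v) || !isset($v->id)){
						continue;
					}
					$qty = isset($v->value) ? intval($v->value) : 0;
					// A book since removed from the list is priced at 0 instead
					// of raising an undefined-index notice.
					$price = isset($lists[$v->id]) ? $lists[$v->id]['price'] : 0;
					$books['value'][$v->id] = $qty;
					$followTotal += $qty*$price;
				}
				$books['name']=$row['name'];
				$books['total']=$followTotal;
				$listTotal+=$followTotal;
				$records[]=$books;
			}
		}
		$tpl->assign('records', $records);
		$tpl->assign('total',$listTotal);
	}
}else{
	getBookList();
}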
?>
